On Tuesday, an independent hacker and security researcher who goes by the handle Moxie Marlinspike and his Pittsburgh-based startup Whisper Systems launched free public betas for two new privacy-focused programs on Google’s Android mobile platform: RedPhone, a voice over Internet protocol (VoIP) program that encrypts phone calls, and TextSecure, an app for sending and receiving encrypted text messages and scrambling the messages stored in their inbox.

There may have been more threats — the FBI won’t release information on investigations that are still open — and there will likely be more this year; Senate Sergeant at Arms Terrance Gainer says threats against members of Congress were up 300 percent in the first few months of 2010.

I really want to know why they had source code at a convention. And how (or why) they managed to do live, on-the-scene computer forensics. And what work they do “for military and intelligence organizations”. Providing training simulations shouldn’t lead to possible compromise of their clients’ networks.

Something doesn’t add up here, unless they just have no idea of how to handle restricted / confidential data and have exaggerated things for publicity’s sake. Surely, no game developer would ever fall into those categories…

One of the reasons I have two sites here on Posterous and only one on Tumblr stems from my opposition to giving out my Twitter password to everybody that asks for it. We have OAuth now so that I can authorize your app to talk to Twitter for me without you actually needing my credentials directly. While my thoughts on passwords as a broken mechanism don’t really belong on this particular blog, I do want OAuth and OpenID (or something like them) everywhere. Not only do I not want to share my Twitter (and Gmail and whatever else) password with you, I’d really rather not have to create a whole new account for your site, complete with yet another password and profile setup and whatever.

It might take some extra effort, but I don’t know that that effort necessarily comes out to less than the effort required to create a secure authentication and authorization setup for your site. (Not to mention that many sites fail at the “secure” bit of that.) And it rapidly becomes a differentiator: I can use your site without having to jump through a gazillion hoops that benefit you the developer instead of me the user? Oh, and maybe that means you can easily connect me to my existing friends on your site? That drives more traffic and usage for you and keeps me interested because of the community, by the way, so everybody wins.